From r..@ai.mit.edu (Robert S. Thau)
Subject Patch for CERT-reported problems.
Date Mon, 06 Nov 1995 17:23:28 GMT
The following patch fixes all of the problems reported in the CERT advisory
forwarded by Elizabeth (except for the symlink-check business, which I'd fixed
already long ago).  I did finally decide to do everything in no2slash(), for
the sake of simplicity...

*** util.c~	Fri Nov  3 14:07:10 1995
--- util.c	Mon Nov  6 12:16:48 1995
***************
*** 217,229 ****
      }
  }
  
  void no2slash(char *name) {
-     register int x,y;
  
!     for(x=0; name[x]; x++)
!         if(x && (name[x-1] == '/') && (name[x] == '/'))
!             for(y=x+1;name[y-1];y++)
!                 name[y-1] = name[y];
  }
  
  char *make_dirstr(pool *p, char *s, int n) {
--- 217,264 ----
      }
  }
  
+ static void strip_slash_segment(char *segment)
+ {
+     /* Delete any number of leading slashes or *single* '.'
+      * characters from seg...
+      */
+     char *endslashes = segment;
+ 
+     /* Find end of redundant segment delimeters */
+     
+     while (*endslashes) {
+ 	if (endslashes[0] == '/') ++endslashes;
+ 	else if (endslashes[0] == '.' &&
+ 		 (endslashes[1] == '/' || endslashes[1] == '\0'))
+ 	    ++endslashes;
+ 	else break;
+     }
+ 
+     /* Check that copy below will do something --- don't bother if
+      * we have nothing to trim.
+      */
+ 
+     if (endslashes == segment) return;
+     
+     /* Copy trailing string over them, including final NUL */ 
+     
+     while (*endslashes) *segment++ = *endslashes++;
+     *segment = '\0';
+ }
+ 
  void no2slash(char *name) {
  
!     if (*name == '/') ++name;
! 
!     /* At top of this loop, name is past the next '/' character.
!      * Strip away redundant delimeters afterwards, and repeat.
!      */
!     
!     while (name && *name) {
! 	strip_slash_segment(name);
! 	name = strchr (name + 1, '/');
! 	if (name) ++ name;
!     }
  }
  
  char *make_dirstr(pool *p, char *s, int n) {
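Review bot: In the new no2slash() loop, `name = strchr (name + 1, '/');` steps over the terminator whenever strip_slash_segment() has just reduced the segment to an empty string, for example for a name ending in `/.` or one made up only of `/` and `./` runs. The read stays inside the original buffer only because stripping always shortens the string by at least one byte, and the scan can then carry on over the stale bytes left behind the new NUL. Adding `if (*name == '\0') break;` directly after the strip_slash_segment() call would make the loop stop at the real end of the string instead of depending on that. The header comment in strip_slash_segment() is also cut short (`from seg...`); it should be completed and should state that `..` segments are left untouched, since any caller that matches access rules against the cleaned path has to handle those separately.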
